Writing fuzz tests with ease using Bazel
We are announcing Bazel support for developing and testing fuzz tests, with OSS-Fuzz integration, through the new rules_fuzzing Bazel library.
- Implement a fuzz driver function, which exercises the API under test;
- Build the code with the proper instrumentation (such as Address Sanitizer);
- Link it with one of the available fuzzing engine libraries (libFuzzer, AFL++, Honggfuzz, etc.) that provide the core test generation logic;
- Run the fuzz test binary with the right set of flags (e.g., to specify corpora or dictionaries);
- Package the fuzz test and its resources for consumption by fuzzing infrastructures, such as OSS-Fuzz.
Unfortunately, build systems don’t traditionally offer any support beyond the core primitives of producing executables, so projects adopting fuzzing often end up reimplementing fuzz test recipes.
name = “my_fuzz_test”,
srcs = [“my_fuzz_test.cc”],
deps = [“:my_library”],
$ bazel run –config=asan-libfuzzer //:my_fuzz_test_run
To improve the effectiveness of test case generation, fuzz tests also support seed corpora and dictionaries, through additional rule attributes. They will automatically be validated and included in fuzz test runs. Fuzz tests also serve as regression tests on the seed corpus. For example, you can add previously found and fixed crashes to the corpus and have them tested in your CI workflows:
$ bazel test –config=asan-replay //:my_fuzz_test
The fuzzing rules provide built-in support for OSS-Fuzz, our continuous fuzzing service for open source projects. The OSS-Fuzz support drastically simplifies writing the build scripts in project integration by automatically packaging the fuzz test and its dependencies using the expected OSS-Fuzz structure.
The Envoy Proxy project is one of the early adopters of the fuzzing rules library. As a large, mature C++ codebase, Envoy has maintained its own custom implementation of fuzzing support for its over 50 fuzz targets written so far. By switching to the new Bazel fuzzing rules, Envoy’s fuzz targets automatically gained new features, such as local running and testing tools and support for multiple fuzzing engines. At the same time, Envoy simplified its OSS-Fuzz integration scripts. Moreover, it will automatically gain future functionality (e.g., more effective fuzzing engines, better coverage tracking, improved corpus management) as the Bazel fuzzing rules library evolves.
The Bazel rules for fuzzing draw from Google’s experience providing effective fuzzing tools to our internal developers. We hope the new Bazel support for fuzzing will lower the barrier to fuzzing adoption in open source communities, further increasing the security and reliability of many projects. To learn more about integrating the fuzzing rules into your project, take a look at the Getting Started section in the documentation.
By Stefan Bucur, Software Analysis, Asra Ali, Envoy, and Abhishek Arya, OSS-Fuzz – Google
Related Google News:
- Managing schema changes on Cloud Spanner using Liquibase February 11, 2021
- Set up Anthos Service Mesh for multiple GKE clusters using Terraform February 2, 2021
- Introducing VM Manager: Operate large Compute Engine fleets with ease January 28, 2021
- Custom object detection in the browser using TensorFlow.js January 22, 2021
- Go green: Sustainable disaster recovery using Google Cloud January 21, 2021
- Loading complex CSV files into BigQuery using Google Sheets January 14, 2021
- Using machine learning to improve road maintenance January 13, 2021
- Tips for writing and deploying Node.js apps on Cloud Functions December 23, 2020